Securing the key to the kingdom

Australia’s government agencies need to strengthen their cybersecurity protections, an expert tells GN.

While government focuses on traditional security perimeters, one critical vulnerability remains largely overlooked – machine identities, says Rahul Dubey, vice-president at Global Public Sector Solutions at CyberArk.

A machine ID is a unique digital credential – a fingerprint – that authorises a machine to communicate securely with other machines. “We need to make sure that we are providing the best encryption because government service accounts and system accounts all have sensitive data,” he says.

With government agencies increasingly prone to cyberattacks, the need for stronger, more adaptive cybersecurity has never been more urgent, says Dubey. “Data can be influenced – it can be hacked, it can be breached. There can be data leakages,” he tells GN. “We all know of the geopolitical factors that are happening, the election meddlings and the countries we are getting attacks from. That’s where, eminently, we have to make sure we are putting protections and guardrails around data.”

“[Governments] need to make sure data is fully encrypted and that it is on a secure channel and they need to know who is getting access to that data; who is processing that data – that needs to be an encrypted path also,” he adds.

GN asked Dubey whether Australia’s government agencies are adequately protected. “I cannot say 100 per cent any organisation is protected. There is a 1 per cent, 2 per cent or 5 per cent risk always there. But agencies which have the right set of controls to mitigate risks and the right set of tools and technologies to make sure they’re assessing the risks properly, and they’re protecting the data – protecting that critical infrastructure – and they’re conducting risk-based assessment evaluations, that is close to making sure you are secure.”

To keep ahead of the game, Australia will need people, processes and technology. “We need to make sure we invest in human resources, that we are investing our time developing processes and tools and technologies,” says Dubey. “When we invest in that, we are making sure we are keeping up with the latest technologies.”

The other week – during ASIO’s annual threat assessment address – Australia’s top security chief Mike Burgess warned that cyber-sabotage attempts will be enabled by advances in technology, particularly artificial intelligence.

So how to deal with the weaponisation of AI? “Defend with AI. Defend against AI. And defend the AI tools,” says Dubey. “AI can take the data signals from us as a provider and also map other security softwares out there. AI can correlate the anomalous behaviour – that’s how AI can be an enabler with us.”

As for defending against AI: “We need to make sure we are applying the machine-learning heuristics, looking at the data analytics so we can automate attack preventions,” Dubey tells GN. “You need to look at anomalous behaviour in analytics and apply the heuristics of machine learning – what the pattern is – that’s how we can defend against attacks.”

And protecting the tools: “The boundary, the software, the architecture, we need to make sure we are securing the network end-to-end. That’s how you can secure the AI tools,” says Dubey.

Vigilance is paramount. “There will be other attacks and vulnerabilities. It’s an evolving space.” Threats will come externally and internally, says Dubey. “We need to make sure that as we are protecting against offshore threats we are also protecting ourselves from insider threats as well.”

Agencies that rely on third parties need to be especially cautious. “You need to make sure you have an asset inventory of these tools and making sure where the data is actually transversing into third parties’ tools and technologies,” says Dubey. Agencies also need to keep a track of who has access to the tools and technologies, he adds.

Ultimately, government agencies need to implement zero trust architecture. “We need to make sure we are applying those pillars in all of our environments from an architecture perspective – network security, data security, application security,” Dubey tells GN. “We need to make sure code is protected – right from inception to production when it’s launched. We need to have security, not as an afterthought, we need to make sure security is ingrained at the start.”

And the starting point – “the first and foremost”, says Dubey – is machine identity security. “Because that’s the key to the kingdom.”
